Comments (30)
Set rubyonrails.org up with google webmaster tools, submitted the sitemap, and requested a re-indexing from google. Hopefully that clears things up in 24 hours or so.
from homepage.
Super cool, @connorshea! Thanks for sharing.
I see this as a nice-to-have at this point, outweighed by the value we got from consolidating our setup. Happy to wait weeks, months, to see if GitHub steps it up 😊
from homepage.
@twe4ked That's because the certificate is the one Github provided for rails.github.io
which makes it invalid for rubyonrails.org
the only solutions to that problem are the ones we've discussed earlier in the thread.
from homepage.
@eileencodes @dhh Someone should check the https://github.com/rails/homepage/settings since I noticed that GitHub has been trialing Let's Encrypt support for GitHub Pages sites.
I just turned it on for keepachangelog.com last night and it was a breeze:
It would be a really good thing if rubyonrails.org could be served through HTTPS.
from homepage.
From the setting page: "Unavailable for your site because you have a custom domain configured (rubyonrails.org)"
But we are working on it.
from homepage.
from homepage.
👍
from homepage.
GitHub pages, that is what we use for publishing our website, doesn't support HTTPS. Without moving this site to a different infrastructure or putting a CDN in front of it would be impossible to implement HTTPS. You can find the same checksums in the rubygems page (which uses HTTPS) so you can double check if there was any modification in the content using it.
I'm not sure if it is worth to use HTTPS in the website and blog until we have support for that in GitHub pages.
from homepage.
Well, you can just toss Cloudflare in front of it, which is probably a good idea anyway.
from homepage.
Well, you can just toss Cloudflare in front of it, which is probably a good idea anyway.
Yes, that is exactly what I said with "putting a CDN in front of it". Having cloudflare still don't solve this issue because the connection between Cloudflare and GitHub pages will be unencrypted and an attacker would be able to modify the pages content there too
from homepage.
GitHub pages allows HTTPS like that: https://example.github.io
.
Even though you've to trust Cloudflare in proxying between the two secure connections (user ↔ Cloudflare, Cloudflare ↔ GitHub), I believe it's still the better solution than no HTTPS. What is more trustful in your eyes? Cloudflare or any WLAN accesspoint or ISP your visitors are using?
Update:
Apprearently I was wrong about the HTTPS connection between Cloudflare and GitHub:
- https://konklone.com/post/github-pages-now-sorta-supports-https-so-use-it
- isaacs/github#156 (comment)
The connection between Cloudflare and GitHub is not being encrypted.
from homepage.
@rafaelfranca I still think it's valuable, as it prevents bad actors from snooping into user traffic.
The only way to have all the benefits of SSL is to host it on something besides Github pages, which I think might be a good idea anyway. I don't know much about hosting static sites, but, in all honesty, it doesn't sound too hard to just throw up an EC2 instance with NGINX and LetsEncrypt.
from homepage.
@AnthonySuper I know this issue is old but I'm putting my 2 cents in. But Github Pages is free and EC2 is not. Probably the only viable solution without a budget increase is Cloudflare but that'll mainly slow down GH Pages in my experience.
from homepage.
They could always mirror this repository onto GitLab and use GitLab Pages with Let's Encrypt.
from homepage.
We could host it ourselves again, but we moved to GH pages to get out of that business.
Odds are we can be patient a while and GitHub will support TLS sooner than later 😙
from homepage.
@jeremy That's prolly best course of action. I'm surprised they don't support it already.
from homepage.
@jeremy You can use https://gitlab.com w/ Pages for free: https://pages.gitlab.io/
GitLab Pages is just like GitHub Pages, but with TLS :) I can understand not wanting to move off GitHub, but you can mirror the homepage repo and have commits synced between the two every hour. You can also trigger a manual sync if you want to get a change out ASAP.
Worth considering, but again, I can definitely understand the convenience of GH Pages.
See also: https://about.gitlab.com/2016/04/11/tutorial-securing-your-gitlab-pages-with-tls-and-letsencrypt/
Disclosure: GitLab employee :P
from homepage.
The first result in Google is pointing to the HTTPS URL which currently has a certificate error:
from homepage.
from homepage.
@dhh It already is
from homepage.
from homepage.
Well best guess they're detecting that we have the certificate without seeing that it's invalid...
from homepage.
@dhh I beleive the Canonical tag was added after we found that google was picking https to index over http. If we (Rails) have google webmaster tools (or search console I think it's called now) we can force a re-crawl of the Rails site. If we don't we can add it easily enough and force a re-crawl.
from homepage.
from homepage.
How strange. Searching Google for "rails" gives me an http link which works, but "ruby on rails" gives an https link to the same page...
I would (like others) strongly encourage moving to https in any case. Even if there's not a compelling need, rails should be setting a good example in this regard - also, search engines and browsers are more and more favouring https.
from homepage.
From the setting page: "Unavailable for your site because you have a custom domain configured (rubyonrails.org)"
from homepage.
Maybe @eileencodes can put in a good word with the team at GitHub responsible for this because Keep a Changelog definitely has the same custom domain settings.
https://help.github.com/articles/securing-your-github-pages-site-with-https/ says:
HTTPS is not supported for GitHub Pages using custom domains.
But clearly it's not true in all cases anymore.
from homepage.
Apparently is not a 'production ready' feature, still on testing phase, and not officially supported:
https://gist.github.com/coolaj86/e07d42f5961c68fc1fc8#gistcomment-2370070
Hi ligi,
As you've discovered, some GitHub Pages sites have been issued SSL certificates from Let's Encrypt, enabling HTTPS for your custom domain. This isn't officially supported yet and it's not possible for you to enable and enforce it on your sites at this time.
We know how important secure browsing is for our users, but we don't have anything official to announce at this time. If and when this feature is officially released, we will announce it on our blog:
https://github.com/blog
Let us know if you have other questions!
Thanks,
Thomas
GitHub Support
from homepage.
https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
☝️ this is good news from Github. Any chance to enable it for rubyonrails.org? Thanks!
from homepage.
Once your updated DNS records have propagated, and you’ve confirmed that your site loads correctly over HTTPS, you can optionally “Enforce HTTPS” for your domain in your repository’s settings, ensuring users who request your site over HTTP are upgraded to HTTPS.
from homepage.
Related Issues (20)
- All trailing slashes are broken HOT 2
- Show stable release information HOT 2
- Many top header links broken on RoR website. HOT 4
- Project Links from rails.gemspec and Rubygems lead to Nginx placeholder page HOT 3
- Supported Versions in Security Policy since Rails 5.1 release
- Translation on other languages HOT 1
- I want to add "install button" to top page of http://rubyonrails.org/.
- More inclusive imagery HOT 2
- Insecure connection on rubyonrails.org and *.rubyonrails.org sites not responding HOT 2
- 5.0 missing from Severe Security Issues? HOT 1
- SSL certificate should be added also for 'www.rubyonrails.org' HOT 3
- guides.rubyonrails.com is down HOT 3
- Site is only scoring an 86 on accessibility HOT 1
- Navbar To Small Screen
- Question about translating the Rails Doctrine
- Question about version number description
- Question about maintenance page vs. maintenance guides page HOT 2
- Add Netlify previews for Pull Requests HOT 3
- Broken links in guides
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from homepage.